Rasmus Lerdorf also discusses language's security status, coming upgrades, and importance of getting out of the coder echo chamber

InfoWorld|Nov 18, 2013

PHP (Hypertext Preprocessor) is dominant in the realm of server-side Web application development: It's used on more than 81 percent of websites using server-side languages, according to W3Techs.com, which gathers data about the use of Web technologies. The language's creator, Rasmus Lerdorf, recently appeared at the DevBeat conference in San Francisco, where he gave a thumbs-up to Facebook's HipHop source code transformer for PHP. "If they get it general-purpose enough, maybe eventually that could become the next engine for PHP," he said. Having a JIT (just-in-time compiler) like the HipHop VM in PHP "is certainly a possibility, and yes, I do like what these guys are doing. But it isn't something that is close. It would be a couple years out at least still." Another variety of JIT technology also might wind up in PHP, he said.

Lerdorf, a distinguished engineer at e-commerce vendor Etsy, also told the audience that if he could change one fundamental thing about the way he developed PHP, it would have been to straighten out case sensitivity (PHP functions are not case-sensitive today). "I should have changed it earlier, but it seemed like a very trivial thing." Lerdorf also doubted PHP would ever become a strictly typed language. This would be a "huge, huge change," he said. "I don't think it will ever happen." Afterward, Lerdorf, who is still active in the development of PHP, fielded questions from InfoWorld Editor at Large Paul Krill.

InfoWorld: You mentioned when you developed PHP you were trying to solve a problem. What was the problem you were trying to solve?

Lerdorf: The Web problem in general, building websites quickly.

InfoWorld: This was when -- 1992, 1993?

Lerdorf: I started it in 1993. The first public release of PHP wasn't until 1995, but that was after I had worked on it for about a year and a half.

InfoWorld: What do you think about PHP overall as far as its success and maybe its failings?

Lerdorf: I look at problems it has solved and I look at projects. There's a project called Sahana, for example, out of Sri Lanka, which is a disaster relief management project where it's basically disaster-relief-in-a-box. If a big disaster happens, they come in. They provide an entire IT system that manages shelters. If someone checks into a shelter, you answer your smartphone, this person is here. Then there's a website for families to check where their family members might be, if someone has found them. It manages relief that gets delivered from other nations. You figure out, well, if we have water in this center, we have diapers over here, we have things over here. And you look at stuff like that and all this, the echo chamber of geeks sitting around playing with their tools means absolutely nothing to me compared to seeing the code actually saving peoples' lives.

InfoWorld: What is the next generation of PHP going to look like?

Lerdorf: We're just evolving slowly. We've added a few minor things for the PHP 5.6 release, but we're still discussing the new features.

InfoWorld: When is PHP 5.6 coming out?

Lerdorf: Probably about July 2014. July, August 2014.

InfoWorld: What are the minor features you have in there so far?

Lerdorf: Something called variadics. [Presently] you could put dot-dot-dot at the end for saying, "This function takes a variable number of arguments." Currently in PHP you do that with a function called get_func_args. You do that programmatically yourself. But now we're adding a syntax to do that a little bit. But it's a minor little thing, and we have a list of things like that, minor little enhancements to the syntax.

InfoWorld: Is PHP where it needs to be as far as security?

Lerdorf: Securitywise, yes. We have somewhat more security reports than some other languages out there. A lot of that has to do with usage. Languages that don't have users don't have a lot of security reports, and a lot of it is also that we tried to solve the things that we shouldn't have tried to solve. When people find a hole in it, even though no other language tries to solve it, because we said, "Hey, we tried to solve it." And they find a hole in it, and they have a security report against it. A lot of these things are basically local exploits, in the sense that you have to be on the machine and you have to be able to write code in PHP.

InfoWorld: What would be the advantage of a strictly typed PHP as opposed to it being loosely typed?

Lerdorf: It makes it a lot more rigid, but it also means that people will now have to care about types a lot, which is a huge change for a loosely typed language. And it's not a change that I think would help most people. I talked in the talk about the broadness of PHP, that we scale down and we scale up, and this is something that would maybe help the upper third, but the lower two-thirds are going to go, "Oh, man. What the hell? Why doesn't my code work anymore?" Because now every library I call suddenly says, "No, you passed me a string, I expect an integer." You're passing the onus of doing that to the people who don't necessarily understand the difference between the string and an integer, whereas the guy who wrote the library understands perfectly: "Hey, I know I need an integer. I can check this damn string. If it looks like an integer, great, I'll use it as an integer." That's what a loosely typed language does.

InfoWorld: Would you say PHP is one of the easier languages to program in?

Lerdorf: Yes. I think it is. It's a tricky balance to strike. You don't want to hide the problem too much because people still need to understand the basic structure of the Web. So we've had some other solutions in the past where you draw your application almost. You don't really know how it works. It's tricky to strike this balance between simplifying the problem but not oversimplifying it to the point where people don't understand the nature of an HTTP request and a response, so the basic characteristic of the Web still has to survive. You cannot write an effective application unless you actually understand the request/response nature of a Web request.

InfoWorld: When you developed PHP, did you think it would become as popular as it is?

Lerdorf: No. Not at all. Never. This was a tool for me. This was me building my own hammer because I couldn't find a hammer at the time.

InfoWorld: Is there anything else that you want to say as far as what a PHP developer should be looking out for?

Lerdorf: They should be upgrading more. We have lots and lots of users on older versions of PHP, which sometimes gets a little frustrating, and people will complain about features and missing features. Then you ask them [and find out] well, they're using PHP 5.1, and this feature they've been bugging me about, well, we introduced that four years ago. But they're not up to that speed yet. They're still on code from eight years ago.